I have a big problem right now with a game I made. we're keeping scores
on the matches and there a re several people running scripts that inject
scores into the database.
I have looked for the past 2 days for a way to protect against this, but in
all pages I've found how to protect against html code injection, but not
how to protect agains someone making a form and sending the parameters
needed for the script to work.
I currently check for time interval so that you cannot run the script more
than once per minute.
But I just can't seem to find how to check if the call is being made form
the actual game.
once after every minute and something, but I can't say for sure that's what
they are doing. I just see that the matches stored in the database are just
impossible. the have a match every minute and ten seconds or so. or every
other minute the whole day, continuouslly. it has got to be a robot right?
I tried using info form $_server but didn't find something that works.
the call is made from a flash game and received by php.
Any hint or suggestion is greatly apreciated.
Newen, the guy with blue hair.